Severity: moderate

Affected versions:

- Apache Drill 1.19.0 before 1.21.2

Description:

An XML External Entity (XXE) vulnerability in the XML Format Plugin of Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.

Users are recommended to upgrade to version 1.21.2, which fixes this issue.

This issue is being tracked as DRILL-8461.
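Added here as an illustration of the mitigation class, not code from Apache Drill or from the DRILL-8461 fix: a StAX reader configured so that DTD processing and external entity resolution are both disabled, exercised against a constructed document that declares an external entity (the sample file path and the `HardenedXmlReader` class are assumptions, and whether Drill's plugin is StAX-based is not stated on this page).

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;

public class HardenedXmlReader {

    // Constructed sample: an XML document whose internal DTD subset declares
    // an external entity that points at a local file and references it in a row.
    static final String SAMPLE =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE data [<!ENTITY ext SYSTEM \"file:///etc/hostname\">]>\n"
      + "<data><row>&ext;</row></data>";

    // Hardened StAX factory: no DTD processing (so no entity declarations at all)
    // and no external entity resolution as a second line of defence.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        f.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return f;
    }

    // Collects the character data of the document. With the hardened factory the
    // entity is either rejected (XMLStreamException) or left unexpanded, so the
    // referenced file's contents never reach the returned text.
    static String characterData(XMLInputFactory factory, String xml) throws XMLStreamException {
        XMLStreamReader r = factory.createXMLStreamReader(new StringReader(xml));
        StringBuilder text = new StringBuilder();
        while (r.hasNext()) {
            int event = r.next();
            if (event == XMLStreamConstants.CHARACTERS) {
                text.append(r.getText());
            }
            // An unresolved reference surfaces as ENTITY_REFERENCE and is ignored here.
        }
        r.close();
        return text.toString();
    }

    public static void main(String[] args) {
        try {
            String text = characterData(hardenedFactory(), SAMPLE);
            System.out.println("character data: [" + text + "]");
        } catch (XMLStreamException e) {
            System.out.println("parser rejected document: " + e.getMessage());
        }
    }
}
```

Either outcome is acceptable for a reader: the point to verify is that the file contents are absent from the output, whereas a factory left at its defaults may resolve the entity.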

Credit:

Yuzhe Huang (finder)

References:

https://drill.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-48362
https://issues.apache.org/jira/browse/DRILL-8461
